The NSA’s Hidden Spy Hubs in Eight U.S. Cities
The NSA considers AT&T to be one of its most trusted partners and has lauded the company’s “extreme willingness to help.” It is a collaboration that dates back decades. Little known, however, is that its scope is not restricted to AT&T’s customers. According to the NSA’s documents, it values AT&T not only because it “has access to information that transits the nation,” but also because it maintains unique relationships with other phone and internet providers. The NSA exploits these relationships for surveillance purposes, commandeering AT&T’s massive infrastructure and using it as a platform to covertly tap into communications processed by other companies.
It is an efficient point to conduct internet surveillance, Klein said, “because the peering links, by the nature of the connections, are liable to carry everybody’s traffic at one point or another during the day, or the week, or the year.”
Christopher Augustine, a spokesperson for the NSA, said in a statement that the agency could “neither confirm nor deny its role in alleged classified intelligence activities.” Augustine declined to answer questions about the AT&T facilities, but said that the NSA “conducts its foreign signals intelligence mission under the legal authorities established by Congress and is bound by both policy and law to protect U.S. persons’ privacy and civil liberties.”
Jim Greer, an AT&T spokesperson, said that AT&T was “required by law to provide information to government and law enforcement entities by complying with court orders, subpoenas, lawful discovery requests, and other legal requirements.” He added that the company provides “voluntary assistance to law enforcement when a person’s life is in danger and in other immediate, emergency situations. In all cases, we ensure that requests for assistance are valid and that we act in compliance with the law.”
Dave Schaeffer, CEO of Cogent Communications, told The Intercept that he had no knowledge of the surveillance at the eight AT&T buildings, but said he believed “the core premise that the NSA or some other agency would like to look at traffic … at an AT&T facility.” He said he suspected that the surveillance is likely carried out on “a limited basis,” due to technical and cost constraints. If the NSA were trying to “ubiquitously monitor” data passing across AT&T’s networks, Schaeffer added, he would be “extremely concerned.”
An estimated 99 percent of the world’s intercontinental internet traffic is transported through hundreds of giant fiber optic cables hidden beneath the world’s oceans. A large portion of the data and communications that pass across the cables is routed at one point through the U.S., partly because of the country’s location – situated between Europe, the Middle East, and Asia – and partly because of the pre-eminence of American internet companies, which provide services to people globally.
The NSA calls this predicament “home field advantage” – a kind of geographic good fortune. “A target’s phone call, email, or chat will take the cheapest path, not the physically most direct path,” one agency document explains. “Your target’s communications could easily be flowing into and through the U.S.”
Once the internet traffic arrives on U.S. soil, it is processed by American companies. And that is why, for the NSA, AT&T is so indispensable. The company claims it has one of the world’s most powerful networks, the largest of its kind in the U.S. AT&T routinely handles masses of emails, phone calls, and internet chats. As of March 2018, some 197 petabytes of data – the equivalent of more than 49 trillion pages of text, or 60 billion average-sized mp3 files – traveled across its networks every business day.
The NSA documents, which come from the trove provided to The Intercept by the whistleblower Edward Snowden, describe AT&T as having been “aggressively involved” in aiding the agency’s surveillance programs. One example of this appears to have taken place at the eight facilities under a classified initiative called SAGUARO.
In October 2011, the Foreign Intelligence Surveillance Court, which approves the surveillance operations carried out under Section 702 of FISA, found that there were “technological limitations” with the agency’s internet eavesdropping equipment. It was “generally incapable of distinguishing” between some kinds of data, the court stated. As a consequence, Judge John D. Bates ruled, the NSA had been intercepting the communications of “non-target United States persons and persons in the United States,” violating Fourth Amendment protections against unreasonable searches and seizures. The ruling, which was declassified in August 2013, concluded that the agency had acquired some 13 million “internet transactions” during one six-month period, and had unlawfully gathered “tens of thousands of wholly domestic communications” each year.
The root of the issue was that the NSA’s technology was not only targeting communications sent to and from specific surveillance targets. Instead, the agency was sweeping up people’s emails if they had merely mentioned particular information about surveillance targets.
A top-secret NSA memo about the court’s ruling, which has not been disclosed before, explained that the agency was collecting people’s messages en masse if a single one were found to contain a “selector” – like an email address or phone number – that featured on a target list.
Information provided by a second former AT&T employee adds to the evidence linking the Atlanta building to NSA surveillance. Mark Klein, a former AT&T technician, alleged in 2006 that the company had allowed the NSA to install surveillance equipment in some of its network hubs. An AT&T facility in Atlanta was one of the spy sites, according to documents Klein presented in a court case over the alleged spying. The Atlanta facility was equipped with “splitter” equipment, which was used to make copies of internet traffic as AT&T’s networks processed it. The copied data would then be diverted to “SG3” equipment – a reference to “Study Group 3” – which was a code name AT&T used for activities related to NSA surveillance, according to evidence in the Klein case.